From 0e94ae17c857b3835a2b8ea46ce44b5da4e2cc5d Mon Sep 17 00:00:00 2001 From: Jarkko Sakkinen Date: Tue, 18 Oct 2011 21:21:36 +0300 Subject: Smack: allow to access /smack/access as normal user Allow query access as a normal user removing the need for CAP_MAC_ADMIN. Give RW access to /smack/access for UGO. Do not import smack labels in access check. Signed-off-by: Jarkko Sakkinen Signed-off-by: Casey Schaufler --- security/smack/smack_access.c | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) (limited to 'security/smack/smack_access.c') diff --git a/security/smack/smack_access.c b/security/smack/smack_access.c index a885f628f56e..cc7cb6edba08 100644 --- a/security/smack/smack_access.c +++ b/security/smack/smack_access.c @@ -353,17 +353,13 @@ struct smack_known *smk_find_entry(const char *string) } /** - * smk_import_entry - import a label, return the list entry - * @string: a text string that might be a Smack label + * smk_parse_smack - parse smack label from a text string + * @string: a text string that might contain a Smack label * @len: the maximum size, or zero if it is NULL terminated. - * - * Returns a pointer to the entry in the label list that - * matches the passed string, adding it if necessary. + * @smack: parsed smack label, or NULL if parse error */ -struct smack_known *smk_import_entry(const char *string, int len) +void smk_parse_smack(const char *string, int len, char *smack) { - struct smack_known *skp; - char smack[SMK_LABELLEN]; int found; int i; @@ -381,7 +377,22 @@ struct smack_known *smk_import_entry(const char *string, int len) } else smack[i] = string[i]; } +} + +/** + * smk_import_entry - import a label, return the list entry + * @string: a text string that might be a Smack label + * @len: the maximum size, or zero if it is NULL terminated. + * + * Returns a pointer to the entry in the label list that + * matches the passed string, adding it if necessary. + */ +struct smack_known *smk_import_entry(const char *string, int len) +{ + struct smack_known *skp; + char smack[SMK_LABELLEN]; + smk_parse_smack(string, len, smack); if (smack[0] == '\0') return NULL; -- cgit v1.2.3